Batch-deploying Linux systems with a PXE remote installation service
阿新 • Published: 2020-10-14
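1. Set up the FTP service and configure a local yum repository served over FTP:

# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/    # mount the CentOS 7 disc
# yum -y install vsftpd    # install the FTP service
# vim /etc/vsftpd/vsftpd.conf    # edit the FTP configuration file; add the following three settings after connect_from_port_20=YES

# use passive mode
pasv_enable=YES
# port range that passive mode listens on
pasv_min_port=3001
pasv_max_port=3100

# systemctl start vsftpd.service    # start the vsftpd service
# mkdir /var/ftp/yum    # create a yum directory under the FTP root
# cp -rf /mnt/cdrom/* /var/ftp/yum    # copy the entire disc into the yum directory to serve as the yum repository
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old    # move the existing yum repository files aside as a backup
# vim /etc/yum.repos.d/CentOS-cr.repo    # create a new yum repository file with the following content:

[cr]
name=CentOS-$releasever - cr
baseurl=ftp://192.168.8.10/yum
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

# yum clean all
# yum makecache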
2. Set up the DHCP service:

# yum -y install dhcp
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # create the DHCP configuration file from the shipped example
# vim /etc/dhcp/dhcpd.conf    # edit the DHCP configuration file

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.255.0 {
    range 192.168.8.100 192.168.8.200;
    option routers 192.168.8.2;
    option broadcast-address 192.168.8.255;
    default-lease-time 600;
    max-lease-time 7200;
    next-server 192.168.8.10;    # the PXE boot server
    filename "pxelinux.0";       # the boot file
}

# systemctl start dhcpd.service    # start the DHCP service
3. Set up the TFTP service and syslinux:

# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp    # enable tftp; tftp is controlled by xinetd, so edit its configuration file and then restart the xinetd service

# change yes to no to enable the tftp service
disable = no

# systemctl start xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default    # copy and rename to default
# vim /var/lib/tftpboot/pxelinux.cfg/default    # edit the default file and add the content below; note: remember to also delete the original "menu default" further down

# inst.stage2 is where the installer fetches the system software from; inst.ks is the installation configuration (kickstart) file
label centos7
  menu label ^Install CentOS 7 Li network server
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=ftp://192.168.8.10/yum inst.ks=ftp://192.168.8.10/ks.cfg quiet
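4. Install system-config-kickstart and generate the configuration file referenced above:

# yum -y install system-config-kickstart
# system-config-kickstart    # opens the graphical configuration tool; when finished, save the file to the location given above, i.e. /var/ftp/ks.cfg

Of course, this configuration file can also be edited by hand: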
# vim /var/ftp/ks.cfg

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$uP/6KVVM$domD73qgFbtoo5.Udls1V.
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="ftp://192.168.8.10/yum"
# System language
lang en_US
# Firewall configuration
firewall --enabled --ssh
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part /home --fstype="ext4" --size=4096
part swap --fstype="swap" --size=2048
part / --fstype="ext4" --size=10240

# This section lists the package groups to install
%packages
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
%end

# This section is a script to run once deployment has finished; it is optional. The two parts below are ones I added: configuring the yum repository and updating ssh
%post --interpreter=/bin/bash
mkdir /etc/yum/old
cp -rf /etc/yum.repos.d/* /etc/yum/old
rm -rf /etc/yum.repos.d/*
echo '# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=ftp://192.168.8.10/yum
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enabled=1
' > /etc/yum.repos.d/CentOS7.repo
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
tar -xf openssh-7.6p1.tar.gz
cd openssh-7.6p1
yum -y install gcc
yum install -y zlib-devel
yum -y install openssl-devel
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
rpm -e --nodeps `rpm -qa | grep openssh`
cp -rf /etc/ssh ./ssh.bak
rm -rf /etc/ssh/*
make install
echo "# \$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp \$
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of \"PermitRootLogin without-password\".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
" > /etc/ssh/sshd_config
cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
setenforce 0
chkconfig --add sshd
systemctl start sshd.service
%end
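The ks.cfg above carries an MD5-crypt ($1$) root hash although it sets --passalgo=sha512, and its %post section downloads a tarball over FTP, writes PermitRootLogin yes and runs setenforce 0. The lint below flags exactly those settings in a hand-edited kickstart file before it is published to /var/ftp; it is an added example, not part of the original post, and the function name audit_ks and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original post): lint a hand-edited ks.cfg.
# audit_ks FILE prints one finding per line and returns 1 if anything is flagged.
audit_ks() {
    ks=$1; rc=0
    flag() { printf '%s\n' "$1"; rc=1; }

    # The crypt(3) prefix names the scheme: $1$ MD5, $5$ SHA-256, $6$ SHA-512.
    pw=$(awk '$1 == "rootpw"' "$ks")
    case $pw in
        '') ;;
        *' $1$'*) flag 'rootpw: MD5-crypt ($1$) hash; use SHA-512 ($6$)' ;;
        *--iscrypted*) ;;
        *) flag 'rootpw: password is stored unhashed' ;;
    esac

    # Everything between %post and %end runs as root in the installed system.
    post=$(sed -n '/^%post/,/^%end/p' "$ks")
    has() { printf '%s\n' "$post" | grep -Eq "$1"; }

    has '^[[:space:]]*PermitRootLogin[[:space:]]+yes' &&
        flag '%post: sshd_config written with PermitRootLogin yes'
    has '^[[:space:]]*setenforce[[:space:]]+0' &&
        flag '%post: setenforce 0 puts SELinux in permissive mode'
    has 'gpgcheck[[:space:]]*=[[:space:]]*0' &&
        flag '%post: yum repo written with gpgcheck=0'
    if has '(wget|curl)[[:space:]].*(ftp|http)://' &&
       ! has 'sha(256|512)sum|gpg.*--verify'; then
        flag '%post: download over ftp/http without checksum or signature check'
    fi
    return $rc
}

# Constructed sample modelled on the ks.cfg above; the hash is a placeholder.
SAMPLE_KS=$(mktemp)
cat > "$SAMPLE_KS" <<'EOF'
rootpw --iscrypted $1$EXAMPLE$placeholderNotARealHash
selinux --enforcing
%post --interpreter=/bin/bash
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
echo "# constructed sshd_config
PermitRootLogin yes
" > /etc/ssh/sshd_config
setenforce 0
%end
EOF
audit_ks "$SAMPLE_KS" || true
```

Run it against /var/ftp/ks.cfg after every manual edit; a non-zero exit status means at least one of the settings above is present.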
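5. Configure the firewall to open the required services and ports:

# firewall-cmd --permanent --add-service=ftp    # open the FTP service in the firewall (tcp 21)
# firewall-cmd --permanent --add-service=dhcp    # open the DHCP service in the firewall (udp 67)
# firewall-cmd --permanent --add-port=69/udp    # open the tftp service in the firewall (udp 69)
# firewall-cmd --permanent --add-port=3001-3100/tcp    # open the FTP passive-mode port range in the firewall
# systemctl restart firewalld.service    # restart the firewall to apply the configuration, or use firewall-cmd --reload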
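6. Test:

Any host that needs the system installed will be installed automatically, as long as it is on the same network segment as this server or on another segment that can obtain an address through a DHCP relay.

Reposted from: https://blog.51cto.com/lidongfeng/2067550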